Did you think DDoS attacks were over? They are not. Actually, recent research has discovered that these attacks attained a record high during the pandemic.
Some stats your way
A report by Link11 suggests that as attack surfaces increased due to the rapid digital transformation necessitated by the pandemic, DDoS attackers adapted to these changes and have been thriving since then.
The number of attacks almost doubled between February to September 2020. More than 50 million attacks were observed in the span of a year.
Businesses with inadequate cybersecurity measures suffered from high-volume attacks of over 50Gbps.
Attacks became complex with 59% of them being muti-vector attacks. The highest number of vectors used in a single attack was fourteen.
The longest DDoS attack lasted 5,698 minutes, which equates to four days of continuous onslaught.
Not only VPNs and APIs, but attackers are targeting every available surface, including databases, CRMs, and web and email servers.
There has been an increase in flaws that could be exploited by DDoS threat actors who are on the constant lookout for new protocols and ports to exploit.
The second half of 2020 saw a surge in DDoS extortion efforts by threat actors claiming to be Fancy Bear, Armada Collective, Lazarus, and Cozy Bear. These campaigns targeted financial services, critical infrastructure, hosting providers, and online retailers across the globe.
This was about 2020 and the threat is no less in 2021. Let’s check it out, shall we?
LittleBigPlanet’s servers were taken offline after fans complained about ongoing DDoS attacks affecting community features.
Netscout observed DDoS-for-hire services taking up a new amplification vector - Datagram Transport Layer Security (D/TLS). This vector enables attackers to amplify the attacks by a factor of 37. Approximately 4,300 publicly reachable D/TLS servers were found to be vulnerable to the exploit.
Earlier this month, Google warned of bots causing troubles for businesses, especially through DDoS attacks. While 78% of organizations use DDoS protection, less than a fifth of them have complete bot management measures in place.
Lately, Telephony Denial of Service (TDoS) attacks have emerged as another part of DDoS. These attacks are being launched at emergency dispatch centers.
The bottom line
It is anticipated that DDoS attacks will continue with the same rigor this entire year and businesses will be caught in the heavy crossfire. With the increasing reliance on IT, extortion campaigns can be expected to be launched. We can also envisage a greater number of attacks on the growing 5G infrastructure.